Kaspersky experts suggest that, during the pandemic, there has been a spike in social engineering techniques being exploited by cybercriminals. In addition to the rise of successful account takeovers, in 12% of fraudulent incidents, legitimate remote administration tools (RAT) such as TeamViewer were misused in an attempt to gain access to user accounts.
Kaspersky Fraud Prevention team distinguishes that there were two common types of approach used by attackers to obtain access to accounts. The first tactic sees scammers masquerade as ‘the rescuer’, where they pretend to be security experts and act out scenarios to ‘save’ users. They call bank customers posing as security officers and report suspicious charges or payments and offer their help.
The second example is where cybercriminals act as ‘the investor’, posing as employees of an investment company, or as investment consultants from a bank. They call customers offering a quick way to make money by investing in cryptocurrency or shares directly from the client's account, without having to go to a bank branch. As a prerequisite for providing the ‘investment service’, the investor asks the potential victim for the code received in a text message or push notification.
To stay protected from fraud techniques, Kaspersky recommends online services and retailers adopt the following measures:
Limit the number of attempts to conduct a transaction;
Educate your customers on possible tricks malefactors may use;
Conduct annual security audits and penetration tests to find security issues in a company’s network;
Have a dedicated fraud analysis team capable of finding and analysing the emerging methods fraudsters are using;
Implement multi-factor authentication to minimise the chance of accounts being taken over;
Install a fraud prevention solution that can be quickly adapted for identifying new attack schemes and methods.
Every day we send out a free e-mail with the most important headlines of the last 24 hours.
Subscribe now